Post AjnGbUqcAH8B8fYmrg by [email protected]
Post #AjlxVLF6s0htKDPQqu by [email protected]
0 likes, 1 repeats
Microsoft CVE-2024-38112 being exploited ITW, discovered by Haifei Li, is sort …
Post #AjmmriGx1RE0mdhAW0 by [email protected]
0 likes, 0 repeats
@wdormann To all my Windows fellows... Enable SRP (Software restriction policie…
Post #AjmmriMyf22t5KVyuO by [email protected]
0 likes, 1 repeats
@TheTomas SRP has been deprecated since Windows 1803, so if you are relying on …
Post #Ajn2wVpWJCwwuOAv1k by [email protected]
0 likes, 1 repeats
What's the significance of having something open up in IE vs. Edge? IE is wa…
Post #AjnG635lJGak4xeLkO by [email protected]
0 likes, 1 repeats
@TheTomas @wdormann Outbound Windows firewall rule denying mshta should also wo…
Post #AjnGbUqcAH8B8fYmrg by [email protected]
0 likes, 1 repeats
@yonderboy @TheTomas I wouldn't count on that. At the point that mshta is r…
Post #AjnMfxebbZL3MaSHBo by [email protected]
0 likes, 0 repeats
@wdormann With this update, are mhtml URIs only disabled when located in .URL f…
Post #AjnMfxkdFA9vfHH5aC by [email protected]
0 likes, 1 repeats
@decalage That's a touch trickier to answer. Even after the patch, HKCR\PROT…
Post #AjnewIue8Dkh6Wttaa by [email protected]
0 likes, 0 repeats
@wdormann A file in INETCACHE is Internet Zone, it doesn't need a Zone.Ident…
Post #AjnewJ11kUr9QJszXE by [email protected]
0 likes, 1 repeats
@Ericlaw Yeah, I had noticed that SAC did come into play if I attempted to run …
Post #AjnewJC15de9yP1lfE by [email protected]
0 likes, 0 repeats
https://textslashplain.com/2022/12/02/mark-of-the-web-additional-guidance/ Secti…
Post #Ajp6d7RPYAGHtlpHjU by [email protected]
0 likes, 1 repeats
Let's play a game and see if we can eliminate variables. This time with no I…
Post #AjpALPiRGZcVBFbUYa by [email protected]
0 likes, 1 repeats
Just to be clear, SmartScreen *is* checking the .HTA file that is downloaded fr…
Post #AjpUL0fcNoGAaQMwoC by [email protected]
0 likes, 1 repeats
Let's tie this all together. With the CVE-2024-38112 exploit, the combinatio…
Post #AjpWhXdcgpoP76J8Vs by [email protected]
0 likes, 0 repeats
@wdormann The design intent of SmartScreen AppRep is to suppress security warni…
Post #AjpXNwnRXelzIs7bJg by [email protected]
0 likes, 1 repeats
@Ericlaw Agreed, but I also think "if it got this far, that's still ba…
Post #AjpesacAlKy1AEPNIm by [email protected]
0 likes, 0 repeats
@wdormann @Ericlaw I don't currently have a Windows install (bare metal or …
Post #AjpesaiYNc4TU1OTFQ by [email protected]
0 likes, 1 repeats
@starchturrets @Ericlaw Process Monitor is probably easier. In the case where ms…
Post #AjpiG5IR9e16qQ4WMi by [email protected]
0 likes, 0 repeats
@GossiTheDog @wdormann Files that are known to be malicious, or not known to be…
Post #AjpixifKekavOkaV6G by [email protected]
0 likes, 0 repeats
@tychotithonus I don't think I understand your proposal. The *whole point* …
Post #AjpixiliH1hNiXZb2u by [email protected]
0 likes, 1 repeats
@Ericlaw Heh, maybe I'm missing the logical upshot, then. If the described z…
Post #Ak3ng26OrFlwvs4dwu by [email protected]
0 likes, 1 repeats
Last week Microsoft changed the CWE for CVE-2024-38112 from CWE-668: Exposure o…
Post #Ak8K2Gmsuh360wQt9c by [email protected]
0 likes, 1 repeats
The way I see this attack is: Behavior 1 (can launch web content in IE using mht…
Post #AkEcZ5NBKzHwIAy2hE by [email protected]
0 likes, 1 repeats
Since nobody outside of Microsoft will be able to tell what CVE-2024-38112 actu…
Post #AkFLNG9JwPM0B2DdT6 by [email protected]
0 likes, 1 repeats
@wdormann The filename in Edge isn't technically "wrong", as it…